Trust Assessment
moltbook-daily-digest received a trust score of 15/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include File read + network send exfiltration, Suspicious import: urllib.request, Sensitive path access: AI agent config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/wangfugui1799/moltbook-daily-digest/SKILL.md:45 |
| CRITICAL | Command Injection via Fragile JSON Parsing in Shell Script. The `daily-digest.sh` script attempts to parse `~/.config/moltbook/credentials.json` using `grep` and `cut` to extract the `api_key`. This method is highly fragile and vulnerable to command injection. If a malicious actor can control the content of `credentials.json` (e.g., by injecting `"` followed by shell metacharacters into the `api_key` value), they can execute arbitrary commands when the `MOLTBOOK_API_KEY` variable is expanded within the `curl` command. For example, an `api_key` like `moltbook_sk_xxx"; evil_command #` would result in `evil_command` being executed. Replace the `grep \| cut` parsing with a robust JSON parser like `jq`. For example, `MOLTBOOK_API_KEY="$(jq -r '.api_key' ~/.config/moltbook/credentials.json 2>/dev/null)"`. Ensure all variables used in shell commands are properly quoted to prevent unexpected shell expansion. | LLM | scripts/daily-digest.sh:8 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/wangfugui1799/moltbook-daily-digest/SKILL.md:45 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/wangfugui1799/moltbook-daily-digest/scripts/digest.py:10 |
| MEDIUM | Unpinned Dependency in Skill Installation Instructions. The `SKILL.md` file instructs users to install `deep-translator` without specifying a version (`pip3 install deep-translator`). This practice can lead to supply chain risks, as a future version of the library could introduce vulnerabilities or breaking changes. If a malicious version is published, users could unknowingly install compromised code. Pin the dependency to a specific, known-good version (e.g., `pip3 install deep-translator==X.Y.Z`). Consider using a `requirements.txt` file with exact versions and hashes for better supply chain security. | LLM | SKILL.md:10 |